svn commit: r920020 - in /websites/production/activemq/content: cache/main.pageCache encrypted-passwords.html

Thu, 21 Aug 2014 03:22:04 -0700 

Author: buildbot
Date: Thu Aug 21 10:20:40 2014
New Revision: 920020

Log:
Production update by buildbot for activemq

Modified:
    websites/production/activemq/content/cache/main.pageCache
    websites/production/activemq/content/encrypted-passwords.html

Modified: websites/production/activemq/content/cache/main.pageCache
==============================================================================
Binary files - no diff available.

Modified: websites/production/activemq/content/encrypted-passwords.html
==============================================================================
--- websites/production/activemq/content/encrypted-passwords.html (original)
+++ websites/production/activemq/content/encrypted-passwords.html Thu Aug 21 
10:20:40 2014
@@ -81,39 +81,22 @@
   <tbody>
         <tr>
         <td valign="top" width="100%">
-<div class="wiki-content maincontent"><p>As of ActiveMQ 5.4.1 you can encrypt 
your passwords and safely store them in configuration files. To encrypt the 
password, you can use the newly added <code>encrypt</code> command like:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+<div class="wiki-content maincontent"><p>As of ActiveMQ 5.4.1 you can encrypt 
your passwords and safely store them in configuration files. To encrypt the 
password, you can use the newly added <code>encrypt</code> command 
like:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[$ bin/activemq encrypt --password activemq 
--input mypassword
 ...
 Encrypted text: eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp]]></script>
-</div></div>
-
-<p>Where the password you want to encrypt is passed with the 
<code>input</code> argument, while the <code>password</code> argument is a 
secret used by the encryptor.<br clear="none">
-In a similar fashion you can test-out your passwords like:</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div><p>Where the password you want to encrypt is passed with the 
<code>input</code> argument, while the <code>password</code> argument is a 
secret used by the encryptor. In a similar fashion you can test-out your 
passwords like:</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[$ bin/activemq decrypt  --password activemq 
--input eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp
 ...
 Decrypted text: mypassword]]></script>
-</div></div>
-
-<p>The next step is to add the password to the appropriate configuration file, 
<code>$ACTIVEMQ_HOME/conf/credentials-enc.properties</code> by default.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div><p><strong>Note:</strong> It is recommended that you use only 
alphanumeric characters for the password. Special characters, such as 
<code>$/^&amp;</code>, are not supported.</p><p>The next step is to add the 
password to the appropriate configuration file, 
<code>$ACTIVEMQ_HOME/conf/credentials-enc.properties</code> by default.</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[activemq.username=system
 activemq.password=ENC(mYRkg+4Q4hua1kvpCCI2hg==)
 guest.password=ENC(Cf3Jf3tM+UrSOoaKU50od5CuBa8rxjoL)
 ...
 jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTytV11bZItDp)
 ]]></script>
-</div></div>
-
-<p>Note that we used <code>ENC()</code> to wrap our encrypted passwords. You 
can mix plain and encrypted passwords in your properties files, so encrypted 
ones must be wrapped this way.</p>
-
-<p>Finally, you need to instruct your property loader to encrypt variables 
when it loads properties to the memory. Instead of standard property loader 
we'll use the special one (see 
<code>\$ACTIVEMQ_HOME/conf/activemq-security.xml</code>) to achieve this.</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div><p>Note that we used <code>ENC()</code> to wrap our encrypted 
passwords. You can mix plain and encrypted passwords in your properties files, 
so encrypted ones must be wrapped this way.</p><p>Finally, you need to instruct 
your property loader to encrypt variables when it loads properties to the 
memory. Instead of standard property loader we'll use the special one (see 
<code>\$ACTIVEMQ_HOME/conf/activemq-security.xml</code>) to achieve 
this.</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[&lt;bean 
id=&quot;environmentVariablesConfiguration&quot; 
class=&quot;org.jasypt.encryption.pbe.config.EnvironmentStringPBEConfig&quot;&gt;
   &lt;property name=&quot;algorithm&quot; value=&quot;PBEWithMD5AndDES&quot; 
/&gt;
   &lt;property name=&quot;passwordEnvName&quot; 
value=&quot;ACTIVEMQ_ENCRYPTION_PASSWORD&quot; /&gt;
@@ -127,24 +110,12 @@ jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTy
   &lt;constructor-arg ref=&quot;configurationEncryptor&quot; /&gt; 
   &lt;property name=&quot;location&quot; 
value=&quot;file:${activemq.base}/conf/credentials-enc.properties&quot;/&gt; 
 &lt;/bean&gt;]]></script>
-</div></div>
-
-<p>With this configuration ActiveMQ will try to load your encryptor password 
from the <code>ACTIVEMQ_ENCRYPTION_PASSWORD</code> environment variable and 
then use it to decrypt passwords from <code>credential-enc.properties</code> 
file.</p>
-
-<p>Alternative is to use a simple variant and store encryptor password in the 
xml file, like this</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div><p>With this configuration ActiveMQ will try to load your 
encryptor password from the <code>ACTIVEMQ_ENCRYPTION_PASSWORD</code> 
environment variable and then use it to decrypt passwords from 
<code>credential-enc.properties</code> file.</p><p>Alternative is to use a 
simple variant and store encryptor password in the xml file, like this</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[&lt;bean 
id=&quot;configurationEncryptor&quot; 
class=&quot;org.jasypt.encryption.pbe.StandardPBEStringEncryptor&quot;&gt;
   &lt;property name=&quot;algorithm&quot; 
value=&quot;PBEWithMD5AndDES&quot;/&gt;
   &lt;property name=&quot;password&quot; value=&quot;activemq&quot;/&gt;
 &lt;/bean&gt;]]></script>
-</div></div>
-
-<p>but with that you'll lose the secrecy of the encryptor's secret. You may 
also consult <a shape="rect" class="external-link" 
href="http://www.jasypt.org/advancedconfiguration.html"; 
rel="nofollow">http://www.jasypt.org/advancedconfiguration.html</a> for more 
ideas on how to configure Jasypt.</p>
-
-<p>Finally, we can use properties like we'd normally do</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div><p>but with that you'll lose the secrecy of the encryptor's 
secret. You may also consult <a shape="rect" class="external-link" 
href="http://www.jasypt.org/advancedconfiguration.html"; 
rel="nofollow">http://www.jasypt.org/advancedconfiguration.html</a> for more 
ideas on how to configure Jasypt.</p><p>Finally, we can use properties like 
we'd normally do</p><div class="code panel pdl" style="border-width: 1px;"><div 
class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[&lt;simpleAuthenticationPlugin&gt;
   &lt;users&gt;
     &lt;authenticationUser username=&quot;system&quot; 
password=&quot;${activemq.password}&quot;
@@ -154,11 +125,7 @@ jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTy
     &lt;authenticationUser username=&quot;guest&quot; 
password=&quot;${guest.password}&quot; groups=&quot;guests&quot;/&gt;
   &lt;/users&gt;
 &lt;/simpleAuthenticationPlugin&gt;]]></script>
-</div></div>
-
-<p>or</p>
-
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div><p>or</p><div class="code panel pdl" style="border-width: 
1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[&lt;bean id=&quot;mysql-ds&quot; 
class=&quot;org.apache.commons.dbcp.BasicDataSource&quot; 
destroy-method=&quot;close&quot;&gt;
   &lt;property name=&quot;driverClassName&quot; 
value=&quot;com.mysql.jdbc.Driver&quot;/&gt;
   &lt;property name=&quot;url&quot; 
value=&quot;jdbc:mysql://localhost/activemq?relaxAutoCommit=true&quot;/&gt;
@@ -167,23 +134,13 @@ jdbc.password=ENC(eeWjNyX6FY8Fjp3E+F6qTy
   &lt;property name=&quot;maxActive&quot; value=&quot;200&quot;/&gt;
   &lt;property name=&quot;poolPreparedStatements&quot; 
value=&quot;true&quot;/&gt;
 &lt;/bean&gt;]]></script>
-</div></div>
-
-<p>If you want to run the broker with this configuration, you need to do the 
following:</p>
-
-<ul><li>Set environment variable: 
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div><p>If you want to run the broker with this configuration, you need 
to do the following:</p><ul><li><p>Set environment variable:</p><div 
class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[$ export 
ACTIVEMQ_ENCRYPTION_PASSWORD=activemq]]></script>
-</div></div></li><li>Start the broker: 
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div></li><li><p>Start the broker:</p><div class="code panel pdl" 
style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[$ bin/activemq start 
xbean:conf/activemq-security.xml]]></script>
-</div></div></li><li>Unset the environment variable: 
-<div class="code panel pdl" style="border-width: 1px;"><div class="codeContent 
panelContent pdl">
+</div></div></li><li><p>Unset the environment variable:</p><div class="code 
panel pdl" style="border-width: 1px;"><div class="codeContent panelContent pdl">
 <script class="theme: Default; brush: java; gutter: false" 
type="syntaxhighlighter"><![CDATA[$ unset 
ACTIVEMQ_ENCRYPTION_PASSWORD]]></script>
-</div></div></li></ul>
-
-
-<p>In this way your encryptor secret is never saved on your system and your 
encrypted passwords are safely stored in the configuration files.</p></div>
+</div></div></li></ul><p>In this way your encryptor secret is never saved on 
your system and your encrypted passwords are safely stored in the configuration 
files.</p></div>
         </td>
         <td valign="top">
           <div class="navigation">

Reply via email to